Merge branch 'aureplop/fix_perms_settings' into 'test/views_kfet'
Fix kfet config-related permissions See merge request !244
This commit is contained in:
commit
6e140e540d
5 changed files with 46 additions and 15 deletions
18
kfet/migrations/0057_add_perms_config.py
Normal file
18
kfet/migrations/0057_add_perms_config.py
Normal file
|
@ -0,0 +1,18 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('kfet', '0056_change_account_meta'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='account',
|
||||
options={'permissions': (('is_team', 'Is part of the team'), ('manage_perms', 'Gérer les permissions K-Fêt'), ('manage_addcosts', 'Gérer les majorations'), ('edit_balance_account', "Modifier la balance d'un compte"), ('change_account_password', "Modifier le mot de passe d'une personne de l'équipe"), ('special_add_account', 'Créer un compte avec une balance initiale'), ('can_force_close', 'Fermer manuellement la K-Fêt'), ('see_config', 'Voir la configuration K-Fêt'), ('change_config', 'Modifier la configuration K-Fêt'))},
|
||||
),
|
||||
]
|
|
@ -75,6 +75,8 @@ class Account(models.Model):
|
|||
('special_add_account',
|
||||
"Créer un compte avec une balance initiale"),
|
||||
('can_force_close', "Fermer manuellement la K-Fêt"),
|
||||
('see_config', "Voir la configuration K-Fêt"),
|
||||
('change_config', "Modifier la configuration K-Fêt"),
|
||||
)
|
||||
|
||||
def __str__(self):
|
||||
|
|
|
@ -1653,7 +1653,7 @@ class SettingsListViewTests(ViewTestCaseMixin, TestCase):
|
|||
def users_extra(self):
|
||||
return {
|
||||
'team1': create_team('team1', '101', perms=[
|
||||
'kfet.change_settings',
|
||||
'kfet.see_config',
|
||||
]),
|
||||
}
|
||||
|
||||
|
@ -1686,26 +1686,34 @@ class SettingsUpdateViewTests(ViewTestCaseMixin, TestCase):
|
|||
def users_extra(self):
|
||||
return {
|
||||
'team1': create_team('team1', '101', perms=[
|
||||
'kfet.change_settings',
|
||||
'kfet.change_config',
|
||||
]),
|
||||
}
|
||||
|
||||
def test_get_ok(self):
|
||||
r = self.client.get(self.url)
|
||||
self.assertequal(r.status_code, 200)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
def test_post_ok(self):
|
||||
r = self.client.post(self.url, self.post_data)
|
||||
self.assertRedirects(r, reverse('kfet.settings'))
|
||||
# Redirect is skipped because client may lack permissions.
|
||||
self.assertRedirects(
|
||||
r,
|
||||
reverse('kfet.settings'),
|
||||
fetch_redirect_response=False,
|
||||
)
|
||||
|
||||
self.assertDictEqual(dict(kfet_config.list()), {
|
||||
expected_config = {
|
||||
'reduction_cof': Decimal('25'),
|
||||
'addcost_amount': Decimal('0.5'),
|
||||
'addcost_for': self.accounts['user'],
|
||||
'overdraft_duration': timedelta(day=2),
|
||||
'overdraft_duration': timedelta(days=2),
|
||||
'overdraft_amount': Decimal('25'),
|
||||
'kfet_cancel_duration': timedelta(minutes=20),
|
||||
})
|
||||
'cancel_duration': timedelta(minutes=20),
|
||||
}
|
||||
|
||||
for key, expected in expected_config.items():
|
||||
self.assertEqual(getattr(kfet_config, key), expected)
|
||||
|
||||
|
||||
class TransferListViewTests(ViewTestCaseMixin, TestCase):
|
||||
|
|
|
@ -188,13 +188,9 @@ urlpatterns = [
|
|||
# Settings urls
|
||||
# -----
|
||||
|
||||
url(r'^settings/$',
|
||||
permission_required('kfet.change_settings')
|
||||
(views.SettingsList.as_view()),
|
||||
url(r'^settings/$', views.config_list,
|
||||
name='kfet.settings'),
|
||||
url(r'^settings/edit$',
|
||||
permission_required('kfet.change_settings')
|
||||
(views.SettingsUpdate.as_view()),
|
||||
url(r'^settings/edit$', views.config_update,
|
||||
name='kfet.settings.update'),
|
||||
|
||||
|
||||
|
|
|
@ -1452,6 +1452,9 @@ class SettingsList(TemplateView):
|
|||
template_name = 'kfet/settings.html'
|
||||
|
||||
|
||||
config_list = permission_required('kfet.see_config')(SettingsList.as_view())
|
||||
|
||||
|
||||
class SettingsUpdate(SuccessMessageMixin, FormView):
|
||||
form_class = KFetConfigForm
|
||||
template_name = 'kfet/settings_update.html'
|
||||
|
@ -1460,13 +1463,17 @@ class SettingsUpdate(SuccessMessageMixin, FormView):
|
|||
|
||||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm('kfet.change_settings'):
|
||||
if not self.request.user.has_perm('kfet.change_config'):
|
||||
form.add_error(None, 'Permission refusée')
|
||||
return self.form_invalid(form)
|
||||
form.save()
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
config_update = (
|
||||
permission_required('kfet.change_config')(SettingsUpdate.as_view())
|
||||
)
|
||||
|
||||
|
||||
# -----
|
||||
# Transfer views
|
||||
|
|
Loading…
Reference in a new issue